10-16-2017 01:25 AM
Are we working on a patch for this?
Your software is vulnerable! the KRACK kit on guthub WORKS on the EA9500 and the velop system confirmed.
Solved! Go to Solution.
10-16-2017 07:26 AM
considering they run linnux on their routers, it shouldnt be that hard. all they need to do is update hostAPD.
it was privately disclosed to them in august 2017
well i can confirm the github drop does work on the ea9500, velop, ea7500 and the wrt32x. they are all at risk right now. and the firmware can be injected so it cant truly be updated. (it will only relfect the version but the exploited firmware stays in place)
without a real factory reset (holding the button till the light goes off. its also confirmed in netgear non beta firmware and asus non beta.
if they knew since august i wonder what the hold up is? i heard they knew since september either way
10-16-2017 08:12 AM - edited 10-16-2017 08:12 AM
I've notified Linksys engineering of this WPA2 vulnerability. When Linksys engineering responds I will report back.
10-17-2017 01:02 AM
Can hidden SSID avoid this vulnerability from outside attack?
I don't think disabling the broadcast can mitigate the attack at all. This vulnerability, however, can only be exploited via local connection, not over the internet.
While waiting for Android and iOS devices to be patched and hardwares to have firmware updated, I strongly suggest enabling WI-Fi MAC address filtering instead while keeping the WPA2 encryption. This works effectively against the use of brute force attack like the ones using Reaver.
Microsoft already released update for supported Windows versions last Oct 10th and Google schduled release of security patches for Android first week of November. iOS and MacOS will also have their patched beta versions go public in a few weeks.
10-17-2017 09:50 AM